North American Network Operators Group


Re: Who is announcing bogons?

  • From: Jack Bates
  • Date: Mon Apr 28 21:36:35 2003

Sean Donelan wrote:
> But my real question is why are negative bogon lists necessary?  If you
> ask providers, they all say they implement positive prefix list filters
> on all their customers.  So who is injecting the bogons?  And why do they
> still have a network connection?

This is true. Case in point: During this last month, a large provider not only routed a /16 network for their customer, they also sent in radb templates on behalf of their customer. The customer is a known rogue AS, but they still exist. This wasn't the first network they stole. They are US based, yet the network was registered to a company overseas. Untold numbers of spam were sent from that network for the hours that it was up. I only escaped because the spammers used a single word in the helo/ehlo parameter without a period and my servers are in strict RFC mode.

> Should we be spending time teaching people how to do positive prefix
> filters, or trying to explain to them why the negative prefix filter
> the last network administrator installed 2 years ago is out of date?

Both. Knowledge is power. It is the only thing everyone can agree upon. We need to educate people. We need to stop being tolerant of servers, services and networks that are not RFC compliant. We need to teach people how to use their network. We need to inform people that there are communication channels on the Internet. Teach them about the various mailing lists and resources that they need. Open their eyes to the truth about the Internet and how fragile it truly is.

> What is the cross-over point?  When does the number of lines in a bogon
> list become larger than the positive prefix filter?  If you are going to
> list every sub-allocation which isn't routed, why not just list the
> allocations which should be routed?

It's been tried. See the routing registries. Yet, what do you do when it's not used or unverified data? What's to keep someone from registering 9.5.0.0/16 in RADB and being considered "legitimate" even though the network belongs to IBM? There are networks that demand trust, and yet they are untrustworthy. Education is the key.


-Jack
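
Added example, not part of the original message: a Python sketch contrasting the two filter styles discussed in this thread, run against the 9.5.0.0/16 case mentioned above. The bogon entries, customer ASNs (documentation range), customer prefixes and the /24 length limit are all constructed assumptions, not anyone's real configuration.

```python
import ipaddress

# Constructed negative list: a few special-use blocks (assumption, deliberately short).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Constructed positive list: what each customer AS may announce
# (documentation ASNs and prefixes, hypothetical customers).
CUSTOMER_PREFIXES = {
    64500: [ipaddress.ip_network("198.51.100.0/24")],
    64501: [ipaddress.ip_network("203.0.113.0/24")],
}
MAX_PREFIX_LEN = 24  # assumed policy: nothing more specific than a /24


def negative_filter(prefix):
    """Accept unless the announcement overlaps a listed bogon block."""
    net = ipaddress.ip_network(prefix)
    return not any(net.overlaps(bogon) for bogon in BOGONS)


def positive_filter(asn, prefix):
    """Accept only if the prefix sits inside a block assigned to this AS."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > MAX_PREFIX_LEN:
        return False
    allowed = CUSTOMER_PREFIXES.get(asn, [])
    return any(net.subnet_of(block) for block in allowed)


def evaluate(asn, prefix):
    """Return the verdict of both filters for one announcement."""
    return {"negative": negative_filter(prefix),
            "positive": positive_filter(asn, prefix)}


if __name__ == "__main__":
    announcements = [
        (64500, "198.51.100.0/24"),    # customer's own block
        (64500, "9.5.0.0/16"),         # allocated space belonging to someone else
        (64500, "10.1.0.0/16"),        # private space leak
        (64501, "198.51.100.0/24"),    # another customer's block
        (64500, "198.51.100.128/25"),  # too specific
    ]
    for asn, prefix in announcements:
        print(asn, prefix, evaluate(asn, prefix))
```

The positive filter is only as good as the data behind `CUSTOMER_PREFIXES`; if that table is generated from unverified registry objects, the 9.5.0.0/16 announcement would pass it too.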